Skip to content

Commit

Permalink
[Feature] Report Privacy Related Capabilities in Admin (joomla#37)
Browse files Browse the repository at this point in the history
* Begin the capabilities reporting screen, list some core capabilities

* Add the plugin reporting hook to capability collection

* Add notes about hashed cookie name

* Import installer plugin group to capabilities to be able to include install from web without needing a second plugin

* Add info about core communications to joomla.org due to conflicting opinions/guidance on handling of IP addresses
  • Loading branch information
mbabker authored May 25, 2018
1 parent e90b93c commit 525dfe8
Show file tree
Hide file tree
Showing 11 changed files with 317 additions and 0 deletions.
6 changes: 6 additions & 0 deletions administrator/components/com_privacy/helpers/privacy.php
Original file line number Diff line number Diff line change
Expand Up @@ -32,5 +32,11 @@ public static function addSubmenu($vName)
'index.php?option=com_privacy',
$vName === 'requests'
);

JHtmlSidebar::addEntry(
JText::_('COM_PRIVACY_SUBMENU_CAPABILITIES'),
'index.php?option=com_privacy&view=capabilities',
$vName === 'capabilities'
);
}
}
101 changes: 101 additions & 0 deletions administrator/components/com_privacy/models/capabilities.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
<?php
/**
* @package Joomla.Administrator
* @subpackage com_privacy
*
* @copyright Copyright (C) 2005 - 2018 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/

defined('_JEXEC') or die;

/**
* Capabilities model class.
*
* @since __DEPLOY_VERSION__
*/
class PrivacyModelCapabilities extends JModelLegacy
{
/**
* Retrieve the extension capabilities.
*
* @return array
*
* @since __DEPLOY_VERSION__
*/
public function getCapabilities()
{
$app = JFactory::getApplication();

/*
* Capabilities will be collected in two parts:
*
* 1) Core capabilities - This will cover the core API, i.e. all library level classes
* 2) Extension capabilities - This will be collected by a plugin hook to select plugin groups
*
* Plugins which report capabilities should return an associative array with a single root level key which is used as the title
* for the reporting section and an array with each value being a separate capability. All capability messages should be translated
* by the extension when building the array. An example of the structure expected to be returned from plugins can be found in the
* $coreCapabilities array below.
*/

$coreCapabilities = array(
JText::_('COM_PRIVACY_HEADING_CORE_CAPABILITIES') => array(
JText::_('COM_PRIVACY_CORE_CAPABILITY_SESSION_IP_ADDRESS_AND_COOKIE'),
JText::sprintf('COM_PRIVACY_CORE_CAPABILITY_LOGGING_IP_ADDRESS', $app->get('log_path', JPATH_ADMINISTRATOR . '/logs')),
JText::_('COM_PRIVACY_CORE_CAPABILITY_COMMUNICATION_WITH_JOOMLA_ORG'),
)
);

/*
* We will search for capabilities from the following plugin groups:
*
* - Authentication: These plugins by design process user information and may have capabilities such as creating cookies
* - Captcha: These plugins may communicate information to third party systems
* - Installer: These plugins can add additional install capabilities to the Extension Manager, such as the Install from Web service
* - Privacy: These plugins are the primary integration point into this component
* - User: These plugins are intended to extend the user management system
*
* This is in addition to plugin groups which are imported before this method is triggered, generally this is the system group.
*/

JPluginHelper::importPlugin('authentication');
JPluginHelper::importPlugin('captcha');
JPluginHelper::importPlugin('installer');
JPluginHelper::importPlugin('privacy');
JPluginHelper::importPlugin('user');

$pluginResults = $app->triggerEvent('onPrivacyCollectAdminCapabilities');

// We are going to "cheat" here and include this component's capabilities without using a plugin
$extensionCapabilities = array(
JText::_('COM_PRIVACY') => array(
JText::_('COM_PRIVACY_EXTENSION_CAPABILITY_PERSONAL_INFO'),
)
);

foreach ($pluginResults as $pluginResult)
{
$extensionCapabilities += $pluginResult;
}

// Sort the extension list alphabetically
ksort($extensionCapabilities);

// Always prepend the core capabilities to the array
return $coreCapabilities + $extensionCapabilities;
}

/**
* Method to auto-populate the model state.
*
* @return void
*
* @since __DEPLOY_VERSION__
*/
protected function populateState()
{
// Load the parameters.
$this->setState('params', JComponentHelper::getParams('com_privacy'));
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
<?php
/**
* @package Joomla.Administrator
* @subpackage com_privacy
*
* @copyright Copyright (C) 2005 - 2018 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/

defined('_JEXEC') or die;

/** @var PrivacyViewCapabilities $this */

?>
<?php if (!empty($this->sidebar)) : ?>
<div id="j-sidebar-container" class="span2">
<?php echo $this->sidebar; ?>
</div>
<div id="j-main-container" class="span10">
<?php else : ?>
<div id="j-main-container">
<?php endif; ?>
<div class="alert alert-info">
<h4 class="alert-heading"><?php echo JText::_('COM_PRIVACY_MSG_CAPABILITIES_ABOUT_THIS_INFORMATION'); ?></h4>
<?php echo JText::_('COM_PRIVACY_MSG_CAPABILITIES_INTRODUCTION'); ?>
</div>
<?php if (empty($this->capabilities)) : ?>
<div class="alert alert-no-items">
<?php echo JText::_('COM_PRIVACY_MSG_CAPABILITIES_NO_CAPABILITIES'); ?>
</div>
<?php else : ?>
<?php $i = 0; ?>
<?php echo JHtml::_('bootstrap.startAccordion', 'slide-capabilities', array('active' => 'slide-0')); ?>

<?php foreach ($this->capabilities as $extension => $capabilities) : ?>
<?php echo JHtml::_('bootstrap.addSlide', 'slide-capabilities', $extension, 'slide-' . $i); ?>
<?php if (empty($capabilities)) : ?>
<div class="alert alert-no-items">
<?php echo JText::_('COM_PRIVACY_MSG_EXTENSION_NO_CAPABILITIES'); ?>
</div>
<?php else : ?>
<ul>
<?php foreach ($capabilities as $capability) : ?>
<li><?php echo $capability; ?></li>
<?php endforeach; ?>
</ul>
<?php endif; ?>
<?php echo JHtml::_('bootstrap.endSlide'); ?>
<?php $i++; ?>
<?php endforeach; ?>

<?php echo JHtml::_('bootstrap.endAccordion'); ?>
<?php endif; ?>
</div>
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
<?php
/**
* @package Joomla.Administrator
* @subpackage com_privacy
*
* @copyright Copyright (C) 2005 - 2018 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/

defined('_JEXEC') or die;

/**
* Capabilities view class
*
* @since __DEPLOY_VERSION__
*/
class PrivacyViewCapabilities extends JViewLegacy
{
/**
* The reported extension capabilities
*
* @var array
* @since __DEPLOY_VERSION__
*/
protected $capabilities;

/**
* The HTML markup for the sidebar
*
* @var string
* @since __DEPLOY_VERSION__
*/
protected $sidebar;

/**
* The state information
*
* @var JObject
* @since __DEPLOY_VERSION__
*/
protected $state;

/**
* Execute and display a template script.
*
* @param string $tpl The name of the template file to parse; automatically searches through the template paths.
*
* @return mixed A string if successful, otherwise an Error object.
*
* @see JViewLegacy::loadTemplate()
* @since __DEPLOY_VERSION__
* @throws Exception
*/
public function display($tpl = null)
{
// Initialise variables
$this->capabilities = $this->get('Capabilities');
$this->state = $this->get('State');

// Check for errors.
if (count($errors = $this->get('Errors')))
{
throw new Exception(implode("\n", $errors), 500);
}

$this->addToolbar();

$this->sidebar = JHtmlSidebar::render();

return parent::display($tpl);
}

/**
* Add the page title and toolbar.
*
* @return void
*
* @since __DEPLOY_VERSION__
*/
protected function addToolbar()
{
JToolbarHelper::title(JText::_('COM_PRIVACY_VIEW_CAPABILITIES'), 'dashboard');

JToolbarHelper::preferences('com_privacy');
}
}
12 changes: 12 additions & 0 deletions administrator/language/en-GB/en-GB.com_privacy.ini
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,11 @@
COM_PRIVACY="Privacy"
COM_PRIVACY_ACTION_VIEW="View Request"
COM_PRIVACY_CONFIGURATION="Privacy: Options"
COM_PRIVACY_CORE_CAPABILITY_COMMUNICATION_WITH_JOOMLA_ORG="When a network connection is available, a Joomla installation will attempt to communicate with the joomla.org servers for various capabilities, to include:<ul><li>Checking for updates for the Joomla application</li><li>Help screens for core Joomla extensions</li><li>The Install from Web service (opt-in)</li><li>The statistics collection server (opt-in)</li></ul>As with all HTTP requests, the IP address of your server will be transmitted as part of the request. For information on how Joomla processes data on its servers, please review our <a href=\"https://www.joomla.org/privacy-policy.html\" target=\"_blank\" rel=\"noopener noreferrer\">privacy policy</a>."
; The placeholder for this key is the configured log path for the site.
COM_PRIVACY_CORE_CAPABILITY_LOGGING_IP_ADDRESS="Joomla's logging system records the IP address of the visitor which led to a message being written to its log files. These log files are used to record various activity on a Joomla site, including information related to core updates, invalid login attempts, unhandled errors, and development information such as the use of deprecated APIs. The format of these log files may be customised by any extension which configures a logger, therefore you are encouraged to download and review the log files for your website which may be found at `%s`."
COM_PRIVACY_CORE_CAPABILITY_SESSION_IP_ADDRESS_AND_COOKIE="All requests to a Joomla website start a session which stores the IP address in the session data and creates a session cookie in the user's browser. The IP address is used as a security measure to help protect against potential session hijacking attacks and this information is deleted once the session has expired and its data purged. The session cookie's name is based on a randomly generated hash and therefore does not have a constant identifier. The session cookie is destroyed once the session has expired or the user has exited their browser."
COM_PRIVACY_EXTENSION_CAPABILITY_PERSONAL_INFO="In order to process information requests, information about the user must be collected and logged for the purposes of retaining an audit log. The request system is based on an individual's email address which will be used to link the request to an existing site user if able."
; You can use the following merge codes for all COM_PRIVACY_EMAIL strings:
; [SITENAME] Site name, as set in Global Configuration.
; [URL] URL of the site's frontend page.
Expand All @@ -28,6 +33,7 @@ COM_PRIVACY_FIELD_STATUS_DESC="The status of the information request."
COM_PRIVACY_FIELD_USER_ID_DESC="The user account for the individual owning the information being requested, if one exists."
COM_PRIVACY_FIELD_USER_ID_LABEL="Associated User"
COM_PRIVACY_FILTER_SEARCH_LABEL="Search Requests"
COM_PRIVACY_HEADING_CORE_CAPABILITIES="Joomla Core Capabilities"
COM_PRIVACY_HEADING_EMAIL_ASC="Email ascending"
COM_PRIVACY_HEADING_EMAIL_DESC="Email descending"
COM_PRIVACY_HEADING_REQUEST_TYPE="Request Type"
Expand All @@ -40,7 +46,11 @@ COM_PRIVACY_HEADING_REQUESTED_AT_ASC="Requested ascending"
COM_PRIVACY_HEADING_REQUESTED_AT_DESC="Requested descending"
COM_PRIVACY_HEADING_STATUS_ASC="Status ascending"
COM_PRIVACY_HEADING_STATUS_DESC="Status descending"
COM_PRIVACY_MSG_CAPABILITIES_ABOUT_THIS_INFORMATION="About This Information"
COM_PRIVACY_MSG_CAPABILITIES_INTRODUCTION="The information on this screen is collected from extensions which report their privacy related capabilities to this system. It is intended to help site owners be aware of the capabilities of installed extensions and provide information to help owners create local site policies such as a privacy policy. As this screen requires extensions to support its reporting system, and only displays information from enabled extensions, this should not be considered a complete list and you are encouraged to consult each extension's documentation for more information."
COM_PRIVACY_MSG_CAPABILITIES_NO_CAPABILITIES="There are no reported extension capabilities."
COM_PRIVACY_MSG_CONFIRM_EMAIL_SENT_TO_USER="A confirmation email for this request has been sent to the user."
COM_PRIVACY_MSG_EXTENSION_NO_CAPABILITIES="This extension does not report any capabilities."
COM_PRIVACY_MSG_REQUESTS_NO_REQUESTS="There are no information requests matching your query."
COM_PRIVACY_REQUEST_COMPLETED="The request has been completed."
COM_PRIVACY_REQUEST_INVALIDATED="The request has been invalidated."
Expand All @@ -50,11 +60,13 @@ COM_PRIVACY_STATUS_CONFIRMED="Confirmed"
COM_PRIVACY_STATUS_INVALID="Invalid"
COM_PRIVACY_STATUS_PENDING="Pending"
COM_PRIVACY_SEARCH_IN_EMAIL="Search in requestor email address. Prefix with ID: to search for a request ID."
COM_PRIVACY_SUBMENU_CAPABILITIES="Capabilities"
COM_PRIVACY_SUBMENU_REQUESTS="Requests"
COM_PRIVACY_TOOLBAR_COMPLETE="Complete"
COM_PRIVACY_TOOLBAR_INVALIDATE="Invalidate"
COM_PRIVACY_USER_FIELD_EMAIL_DESC="The email address of the individual owning the information being requested."
COM_PRIVACY_VIEW_REQUEST_ADD_REQUEST="Privacy: New Information Request"
COM_PRIVACY_VIEW_REQUEST_SHOW_REQUEST="Privacy: Review Information Request"
COM_PRIVACY_VIEW_CAPABILITIES="Privacy: Extension Capabilities"
COM_PRIVACY_VIEW_REQUESTS="Privacy: Information Requests"
COM_PRIVACY_XML_DESCRIPTION="Component for managing privacy related actions."
Original file line number Diff line number Diff line change
Expand Up @@ -9,5 +9,6 @@ PLG_AUTH_COOKIE_FIELD_COOKIE_LIFETIME_DESC="The number of days until the authent
PLG_AUTH_COOKIE_FIELD_COOKIE_LIFETIME_LABEL="Cookie Lifetime"
PLG_AUTH_COOKIE_FIELD_KEY_LENGTH_DESC="The length of the key to use to encrypt the cookie. Longer lengths are more secure, but they will slow performance."
PLG_AUTH_COOKIE_FIELD_KEY_LENGTH_LABEL="Key Length"
PLG_AUTH_COOKIE_PRIVACY_CAPABILITY_COOKIE="In conjunction with a plugin which supports a \"Remember Me\" feature, such as the \"System - Remember Me\" plugin, this plugin creates a cookie on the user's client if a \"Remember Me\" checkbox is selected when logging into the website. This cookie can be identified with the prefix `joomla_remember_me` and is used to automatically log users into the website when they visit and are not already logged in."
PLG_AUTH_COOKIE_XML_DESCRIPTION="Handles Joomla's cookie User authentication.<br /><strong> Warning! You must have at least one other authentication plugin enabled.</strong> <br />You will also need a plugin such as the System - Remember Me plugin to implement cookie login."
PLG_AUTHENTICATION_COOKIE="Authentication - Cookie"
2 changes: 2 additions & 0 deletions administrator/language/en-GB/en-GB.plg_captcha_recaptcha.ini
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,8 @@ PLG_RECAPTCHA_ERROR_VERIFY_PARAMS_INCORRECT="The parameters to verify were incor
PLG_RECAPTCHA_ERROR_INVALID_REFERRER="reCAPTCHA API keys are tied to a specific domain name for security reasons."
PLG_RECAPTCHA_ERROR_RECAPTCHA_NOT_REACHABLE="Unable to contact the reCAPTCHA verify server."

PLG_RECAPTCHA_PRIVACY_CAPABILITY_IP_ADDRESS="The reCAPTCHA plugin integrates with Google's reCAPTCHA system as a spam protection service. As part of this service, the IP of the user who is answering the captcha challenge is transmitted to Google."

; Uncomment(remove the ";" from the beginning of the line) the following lines if reCAPTCHA is not available in your language
; When uncommenting, do NOT translate PLG_RECAPTCHA_CUSTOM_LANG
; As of 01/01/2012, the following languages do not need translation: en, nl, fr, de, pt, ru, es, tr
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,5 +24,6 @@ PLG_SYSTEM_LANGUAGEFILTER_FIELD_REMOVE_DEFAULT_PREFIX_DESC="Remove the defined U
PLG_SYSTEM_LANGUAGEFILTER_FIELD_REMOVE_DEFAULT_PREFIX_LABEL="Remove URL Language Code"
PLG_SYSTEM_LANGUAGEFILTER_OPTION_SESSION="Session"
PLG_SYSTEM_LANGUAGEFILTER_OPTION_YEAR="Year"
PLG_SYSTEM_LANGUAGEFILTER_PRIVACY_CAPABILITY_LANGUAGE_COOKIE="On a site which supports multiple languages, this plugin can be configured to set a cookie on the user's browser which remembers their language preference. This cookie is used to redirect users to their preferred language when visiting the site and creating a new session. The cookie's name is based on a randomly generated hash and therefore does not have a constant identifier."
PLG_SYSTEM_LANGUAGEFILTER_SITE_LANGUAGE="Site Language"
PLG_SYSTEM_LANGUAGEFILTER_XML_DESCRIPTION="This plugin filters the displayed content depending on language.<br /><strong>This plugin is to be enabled only when the Language Switcher module is published.</strong><br />If this plugin is activated, it is recommended to also publish the Administrator multilingual status module."
18 changes: 18 additions & 0 deletions plugins/authentication/cookie/cookie.php
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,24 @@ class PlgAuthenticationCookie extends JPlugin
*/
protected $db;

/**
* Reports the privacy related capabilities for this plugin to site administrators.
*
* @return array
*
* @since __DEPLOY_VERSION__
*/
public function onPrivacyCollectAdminCapabilities()
{
$this->loadLanguage();

return array(
JText::_('PLG_AUTHENTICATION_COOKIE') => array(
JText::_('PLG_AUTH_COOKIE_PRIVACY_CAPABILITY_COOKIE'),
)
);
}

/**
* This method should handle any authentication and report back to the subject
*
Expand Down
18 changes: 18 additions & 0 deletions plugins/captcha/recaptcha/recaptcha.php
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,24 @@ class PlgCaptchaRecaptcha extends JPlugin
*/
protected $autoloadLanguage = true;

/**
* Reports the privacy related capabilities for this plugin to site administrators.
*
* @return array
*
* @since __DEPLOY_VERSION__
*/
public function onPrivacyCollectAdminCapabilities()
{
$this->loadLanguage();

return array(
JText::_('PLG_CAPTCHA_RECAPTCHA') => array(
JText::_('PLG_RECAPTCHA_PRIVACY_CAPABILITY_IP_ADDRESS'),
)
);
}

/**
* Initialise the captcha
*
Expand Down
18 changes: 18 additions & 0 deletions plugins/system/languagefilter/languagefilter.php
Original file line number Diff line number Diff line change
Expand Up @@ -518,6 +518,24 @@ public function parseRule(&$router, &$uri)
return $array;
}

/**
* Reports the privacy related capabilities for this plugin to site administrators.
*
* @return array
*
* @since __DEPLOY_VERSION__
*/
public function onPrivacyCollectAdminCapabilities()
{
$this->loadLanguage();

return array(
JText::_('PLG_SYSTEM_LANGUAGEFILTER') => array(
JText::_('PLG_SYSTEM_LANGUAGEFILTER_PRIVACY_CAPABILITY_LANGUAGE_COOKIE'),
)
);
}

/**
* Before store user method.
*
Expand Down

0 comments on commit 525dfe8

Please sign in to comment.